2025-11-17 18:51:08 +01:00
parent 14d6f9aa73
commit 7fb0d2212a
318 changed files with 35761 additions and 0 deletions


@@ -0,0 +1,107 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-apache
name: nextcloud-aio-apache
namespace: "{{ .Values.NAMESPACE }}"
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nextcloud-aio-apache
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-apache
spec:
securityContext:
# The items below only work in pod context
fsGroup: 33
fsGroupChangePolicy: "OnRootMismatch"
# The items below work in both contexts
runAsUser: 33
runAsGroup: 33
runAsNonRoot: true
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
containers:
- env:
- name: ADDITIONAL_TRUSTED_DOMAIN
value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
- name: APACHE_HOST
value: nextcloud-aio-apache
- name: APACHE_MAX_SIZE
value: "{{ .Values.APACHE_MAX_SIZE }}"
- name: APACHE_MAX_TIME
value: "{{ .Values.NEXTCLOUD_MAX_TIME }}"
- name: APACHE_PORT
value: "{{ .Values.APACHE_PORT }}"
- name: COLLABORA_HOST
value: nextcloud-aio-collabora
- name: NC_DOMAIN
value: "{{ .Values.NC_DOMAIN }}"
- name: NEXTCLOUD_HOST
value: nextcloud-aio-nextcloud
- name: NOTIFY_PUSH_HOST
value: nextcloud-aio-notify-push
- name: ONLYOFFICE_HOST
value: nextcloud-aio-onlyoffice
- name: TALK_HOST
value: nextcloud-aio-talk
- name: TZ
value: "{{ .Values.TIMEZONE }}"
- name: WHITEBOARD_HOST
value: nextcloud-aio-whiteboard
image: ghcr.io/nextcloud-releases/aio-apache:20250927_081431
readinessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
livenessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
name: nextcloud-aio-apache
ports:
- containerPort: {{ .Values.APACHE_PORT }}
protocol: TCP
- containerPort: {{ .Values.APACHE_PORT }}
protocol: UDP
securityContext:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]
{{- end }}
add: ["NET_BIND_SERVICE"]
volumeMounts:
- mountPath: /var/www/html
name: nextcloud-aio-nextcloud
readOnly: true
- mountPath: /mnt/data
name: nextcloud-aio-apache
volumes:
- name: nextcloud-aio-nextcloud
persistentVolumeClaim:
claimName: nextcloud-aio-nextcloud
- name: nextcloud-aio-apache
persistentVolumeClaim:
claimName: nextcloud-aio-apache
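Review bot: The pod spec never sets `automountServiceAccountToken: false`, so the web server that the LoadBalancer Service exposes gets the namespace's default service-account token mounted. Nothing in the visible env or volumes suggests this container talks to the Kubernetes API, so I would add that line under `template.spec`, next to `securityContext`. The same applies to the other Deployments in this commit (clamav, collabora, database, fulltextsearch, imaginary, nextcloud, notify-push, onlyoffice, redis).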


@@ -0,0 +1,16 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: nextcloud-aio-apache
name: nextcloud-aio-apache
namespace: "{{ .Values.NAMESPACE }}"
spec:
{{- if .Values.STORAGE_CLASS }}
storageClassName: {{ .Values.STORAGE_CLASS }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.APACHE_STORAGE_SIZE }}


@@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-apache
name: nextcloud-aio-apache
namespace: "{{ .Values.NAMESPACE }}"
spec:
ipFamilyPolicy: PreferDualStack
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: "{{ .Values.APACHE_PORT }}"
port: {{ .Values.APACHE_PORT }}
targetPort: {{ .Values.APACHE_PORT }}
- name: {{ .Values.APACHE_PORT }}-udp
port: {{ .Values.APACHE_PORT }}
protocol: UDP
targetPort: {{ .Values.APACHE_PORT }}
selector:
io.kompose.service: nextcloud-aio-apache


@@ -0,0 +1,100 @@
{{- if eq .Values.CLAMAV_ENABLED "yes" }}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-clamav
name: nextcloud-aio-clamav
namespace: "{{ .Values.NAMESPACE }}"
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nextcloud-aio-clamav
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-clamav
spec:
securityContext:
# The items below only work in pod context
fsGroup: 100
fsGroupChangePolicy: "OnRootMismatch"
# The items below work in both contexts
runAsUser: 100
runAsGroup: 100
runAsNonRoot: true
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
initContainers:
- name: init-subpath
image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
command:
- mkdir
- "-p"
- /nextcloud-aio-clamav/data
volumeMounts:
- name: nextcloud-aio-clamav
mountPath: /nextcloud-aio-clamav
securityContext:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]
{{- end }}
containers:
- env:
- name: MAX_SIZE
value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
- name: TZ
value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-clamav:20250927_081431
readinessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 9
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 30
livenessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 9
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 30
name: nextcloud-aio-clamav
ports:
- containerPort: 3310
protocol: TCP
securityContext:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]
{{- end }}
volumeMounts:
- mountPath: /var/lib/clamav
subPath: data
name: nextcloud-aio-clamav
volumes:
- name: nextcloud-aio-clamav
persistentVolumeClaim:
claimName: nextcloud-aio-clamav
{{- end }}


@@ -0,0 +1,18 @@
{{- if eq .Values.CLAMAV_ENABLED "yes" }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: nextcloud-aio-clamav
name: nextcloud-aio-clamav
namespace: "{{ .Values.NAMESPACE }}"
spec:
{{- if .Values.STORAGE_CLASS }}
storageClassName: {{ .Values.STORAGE_CLASS }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.CLAMAV_STORAGE_SIZE }}
{{- end }}


@@ -0,0 +1,19 @@
{{- if eq .Values.CLAMAV_ENABLED "yes" }}
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-clamav
name: nextcloud-aio-clamav
namespace: "{{ .Values.NAMESPACE }}"
spec:
ipFamilyPolicy: PreferDualStack
ports:
- name: "3310"
port: 3310
targetPort: 3310
selector:
io.kompose.service: nextcloud-aio-clamav
{{- end }}


@@ -0,0 +1,67 @@
{{- if eq .Values.COLLABORA_ENABLED "yes" }}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-collabora
name: nextcloud-aio-collabora
namespace: "{{ .Values.NAMESPACE }}"
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nextcloud-aio-collabora
template:
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-collabora
spec:
containers:
- args: {{ .Values.ADDITIONAL_COLLABORA_OPTIONS | default list | toJson }}
env:
- name: DONT_GEN_SSL_CERT
value: "1"
- name: TZ
value: "{{ .Values.TIMEZONE }}"
- name: aliasgroup1
value: https://{{ .Values.NC_DOMAIN }}:443,http://nextcloud-aio-apache:23973
- name: dictionaries
value: "{{ .Values.COLLABORA_DICTIONARIES }}"
- name: extra_params
value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
- name: server_name
value: "{{ .Values.NC_DOMAIN }}"
image: ghcr.io/nextcloud-releases/aio-collabora:20250927_081431
readinessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 9
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 30
livenessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 9
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 30
name: nextcloud-aio-collabora
ports:
- containerPort: 9980
protocol: TCP
securityContext:
capabilities:
add:
- MKNOD
- CAP_SYS_ADMIN
- SYS_CHROOT
- FOWNER
- CHOWN
{{- end }}
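Review bot: The container adds `CAP_SYS_ADMIN` with no `drop`, no `allowPrivilegeEscalation: false` and no pod-level `securityContext`, so it runs as whatever user the image defaults to and holds a very broad capability. When `RPSS_ENABLED` is `yes` and the Namespace template is rendered, the namespace is labelled `pod-security.kubernetes.io/enforce: restricted`, which would reject this pod (and the fulltextsearch and onlyoffice pods, which also set no securityContext); the templates should refuse or document that combination. The entry is also spelled with a `CAP_` prefix while the other four are not; Kubernetes documents the unprefixed form (`SYS_ADMIN`), and how a prefixed name is handled may depend on the container runtime, so that is worth confirming. It is also worth checking whether the capability is still required with `--o:mount_jail_tree=false` set in `extra_params`.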


@@ -0,0 +1,19 @@
{{- if eq .Values.COLLABORA_ENABLED "yes" }}
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-collabora
name: nextcloud-aio-collabora
namespace: "{{ .Values.NAMESPACE }}"
spec:
ipFamilyPolicy: PreferDualStack
ports:
- name: "9980"
port: 9980
targetPort: 9980
selector:
io.kompose.service: nextcloud-aio-collabora
{{- end }}


@@ -0,0 +1,108 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-database
name: nextcloud-aio-database
namespace: "{{ .Values.NAMESPACE }}"
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nextcloud-aio-database
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-database
spec:
securityContext:
# The items below only work in pod context
fsGroup: 999
fsGroupChangePolicy: "OnRootMismatch"
# The items below work in both contexts
runAsUser: 999
runAsGroup: 999
runAsNonRoot: true
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
initContainers:
- name: init-subpath
image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
command:
- mkdir
- "-p"
- /nextcloud-aio-database/data
volumeMounts:
- name: nextcloud-aio-database
mountPath: /nextcloud-aio-database
securityContext:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]
{{- end }}
containers:
- env:
- name: PGTZ
value: "{{ .Values.TIMEZONE }}"
- name: POSTGRES_DB
value: nextcloud_database
- name: POSTGRES_PASSWORD
value: "{{ .Values.DATABASE_PASSWORD }}"
- name: POSTGRES_USER
value: nextcloud
- name: TZ
value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-postgresql:20250927_081431
readinessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
livenessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
name: nextcloud-aio-database
ports:
- containerPort: 5432
protocol: TCP
securityContext:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]
{{- end }}
volumeMounts:
- mountPath: /var/lib/postgresql/data
subPath: data
name: nextcloud-aio-database
- mountPath: /mnt/data
name: nextcloud-aio-database-dump
terminationGracePeriodSeconds: 1800
volumes:
- name: nextcloud-aio-database
persistentVolumeClaim:
claimName: nextcloud-aio-database
- name: nextcloud-aio-database-dump
persistentVolumeClaim:
claimName: nextcloud-aio-database-dump
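Review bot: `POSTGRES_PASSWORD` is rendered into the Deployment as a literal `value:`, so the password is readable by anyone who can read Deployments or Pods in the namespace and appears in `kubectl describe` output. Moving it into a `Secret` and referencing it with `valueFrom.secretKeyRef` keeps it out of the workload spec and lets RBAC on Secrets apply. The same pattern is used for the passwords and shared secrets in the fulltextsearch, imaginary, nextcloud, notify-push, onlyoffice and redis Deployments. The Secret name in the sketch below is a placeholder.

```yaml
# … unchanged: PGTZ, POSTGRES_DB …
- name: POSTGRES_PASSWORD
  valueFrom:
    secretKeyRef:
      name: nextcloud-aio-secrets  # placeholder Secret name
      key: DATABASE_PASSWORD
# … unchanged: POSTGRES_USER, TZ …
```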


@@ -0,0 +1,16 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: nextcloud-aio-database-dump
name: nextcloud-aio-database-dump
namespace: "{{ .Values.NAMESPACE }}"
spec:
{{- if .Values.STORAGE_CLASS }}
storageClassName: {{ .Values.STORAGE_CLASS }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.DATABASE_DUMP_STORAGE_SIZE }}


@@ -0,0 +1,16 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: nextcloud-aio-database
name: nextcloud-aio-database
namespace: "{{ .Values.NAMESPACE }}"
spec:
{{- if .Values.STORAGE_CLASS }}
storageClassName: {{ .Values.STORAGE_CLASS }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.DATABASE_STORAGE_SIZE }}


@@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-database
name: nextcloud-aio-database
namespace: "{{ .Values.NAMESPACE }}"
spec:
ipFamilyPolicy: PreferDualStack
ports:
- name: "5432"
port: 5432
targetPort: 5432
selector:
io.kompose.service: nextcloud-aio-database


@@ -0,0 +1,18 @@
{{- if eq .Values.FULLTEXTSEARCH_ENABLED "yes" }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: nextcloud-aio-elasticsearch
name: nextcloud-aio-elasticsearch
namespace: "{{ .Values.NAMESPACE }}"
spec:
{{- if .Values.STORAGE_CLASS }}
storageClassName: {{ .Values.STORAGE_CLASS }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.ELASTICSEARCH_STORAGE_SIZE }}
{{- end }}


@@ -0,0 +1,85 @@
{{- if eq .Values.FULLTEXTSEARCH_ENABLED "yes" }}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-fulltextsearch
name: nextcloud-aio-fulltextsearch
namespace: "{{ .Values.NAMESPACE }}"
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nextcloud-aio-fulltextsearch
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-fulltextsearch
spec:
initContainers:
- name: init-volumes
image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
command:
- chmod
- "777"
- /nextcloud-aio-elasticsearch
volumeMounts:
- name: nextcloud-aio-elasticsearch
mountPath: /nextcloud-aio-elasticsearch
containers:
- env:
- name: ES_JAVA_OPTS
value: "{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS | default "-Xms512M -Xmx512M" }}"
- name: FULLTEXTSEARCH_PASSWORD
value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}"
- name: TZ
value: "{{ .Values.TIMEZONE }}"
- name: bootstrap.memory_lock
value: "true"
- name: cluster.name
value: nextcloud-aio
- name: discovery.type
value: single-node
- name: http.port
value: "9200"
- name: logger.level
value: WARN
- name: xpack.license.self_generated.type
value: basic
- name: xpack.security.enabled
value: "false"
image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250927_081431
readinessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
livenessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
name: nextcloud-aio-fulltextsearch
ports:
- containerPort: 9200
protocol: TCP
volumeMounts:
- mountPath: /usr/share/elasticsearch/data
name: nextcloud-aio-elasticsearch
volumes:
- name: nextcloud-aio-elasticsearch
persistentVolumeClaim:
claimName: nextcloud-aio-elasticsearch
{{- end }}
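Review bot: The `init-volumes` container runs `chmod 777` on the Elasticsearch data volume, which leaves the index data world-writable to any process that ever mounts that volume, and neither it nor the main container sets a `securityContext`. The other Deployments in this commit handle volume ownership with `fsGroup`, `fsGroupChangePolicy: "OnRootMismatch"` and a fixed `runAsUser`; if the image's UID is known, that form would remove the need for the init container. The same `chmod 777` init step appears in the nextcloud and onlyoffice Deployments.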


@@ -0,0 +1,19 @@
{{- if eq .Values.FULLTEXTSEARCH_ENABLED "yes" }}
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-fulltextsearch
name: nextcloud-aio-fulltextsearch
namespace: "{{ .Values.NAMESPACE }}"
spec:
ipFamilyPolicy: PreferDualStack
ports:
- name: "9200"
port: 9200
targetPort: 9200
selector:
io.kompose.service: nextcloud-aio-fulltextsearch
{{- end }}
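Review bot: This Service publishes port 9200 inside the cluster while the Deployment sets `xpack.security.enabled` to `"false"`, so unless the image puts its own authentication in front of Elasticsearch (not visible here), any pod that can route to the Service can read and write the index. The NetworkPolicy that blocks ingress from other namespaces is only rendered when `NETWORK_POLICY_ENABLED` is `yes`, and even then every pod in the namespace is admitted. Consider a policy for the fulltextsearch pods that admits only pods labelled `io.kompose.service: nextcloud-aio-nextcloud`.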


@@ -0,0 +1,69 @@
{{- if eq .Values.IMAGINARY_ENABLED "yes" }}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-imaginary
name: nextcloud-aio-imaginary
namespace: "{{ .Values.NAMESPACE }}"
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nextcloud-aio-imaginary
template:
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-imaginary
spec:
securityContext:
# The items below only work in pod context
fsGroup: 65534
fsGroupChangePolicy: "OnRootMismatch"
# The items below work in both contexts
runAsUser: 65534
runAsGroup: 65534
runAsNonRoot: true
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
containers:
- env:
- name: IMAGINARY_SECRET
value: "{{ .Values.IMAGINARY_SECRET }}"
- name: TZ
value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-imaginary:20250927_081431
readinessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
livenessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
name: nextcloud-aio-imaginary
ports:
- containerPort: 9000
protocol: TCP
securityContext:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]
{{- end }}
{{- end }}


@@ -0,0 +1,19 @@
{{- if eq .Values.IMAGINARY_ENABLED "yes" }}
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-imaginary
name: nextcloud-aio-imaginary
namespace: "{{ .Values.NAMESPACE }}"
spec:
ipFamilyPolicy: PreferDualStack
ports:
- name: "9000"
port: 9000
targetPort: 9000
selector:
io.kompose.service: nextcloud-aio-imaginary
{{- end }}


@@ -0,0 +1,11 @@
{{- if and (ne .Values.NAMESPACE "default") (ne .Values.NAMESPACE_DISABLED "yes") }}
apiVersion: v1
kind: Namespace
metadata:
name: "{{ .Values.NAMESPACE }}"
namespace: "{{ .Values.NAMESPACE }}"
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
labels:
pod-security.kubernetes.io/enforce: restricted
{{- end }}
{{- end }}


@@ -0,0 +1,36 @@
{{- if eq .Values.NETWORK_POLICY_ENABLED "yes" }}
# https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
namespace: "{{ .Values.NAMESPACE }}"
name: nextcloud-aio-deny-from-other-namespaces
spec:
podSelector:
matchLabels:
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector: {}
egress:
- {} # Allows all egress traffic
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
namespace: "{{ .Values.NAMESPACE }}"
name: nextcloud-aio-webserver-allow
spec:
podSelector:
matchExpressions:
- key: io.kompose.service
operator: In
values:
- nextcloud-aio-apache
policyTypes:
- Ingress
ingress:
- {} # Allows all ingress traffic
{{- end }}
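Review bot: The egress rule `- {}` in the first policy lets every pod in the namespace connect anywhere, so listing `Egress` under `policyTypes` adds no restriction and a compromised pod can still reach other namespaces or external hosts. If that is intended, dropping `Egress` from `policyTypes` states it more clearly; otherwise the pods that appear to serve only in-namespace traffic (database and redis look like candidates) could get an egress allow-list limited to DNS and the namespace. The bare `matchLabels:` renders as null; `podSelector: {}` is the explicit way to select all pods.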


@@ -0,0 +1,18 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: nextcloud-aio-nextcloud-data
name: nextcloud-aio-nextcloud-data
namespace: "{{ .Values.NAMESPACE }}"
spec:
{{- if .Values.STORAGE_CLASS_DATA }}
storageClassName: {{ .Values.STORAGE_CLASS_DATA }}
{{- else if .Values.STORAGE_CLASS }}
storageClassName: {{ .Values.STORAGE_CLASS }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.NEXTCLOUD_DATA_STORAGE_SIZE }}


@@ -0,0 +1,241 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-nextcloud
name: nextcloud-aio-nextcloud
namespace: "{{ .Values.NAMESPACE }}"
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nextcloud-aio-nextcloud
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-nextcloud
spec:
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
securityContext:
# The items below only work in pod context
fsGroup: 33
fsGroupChangePolicy: "OnRootMismatch"
# The items below work in both contexts
runAsUser: 33
runAsGroup: 33
runAsNonRoot: true
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
{{- end }} # AIO-config - do not change this comment!
# AIO settings start # Do not remove or change this line!
initContainers:
- name: init-volumes
image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
command:
- chmod
- "777"
- /nextcloud-aio-nextcloud
- /nextcloud-aio-nextcloud-trusted-cacerts
volumeMounts:
- name: nextcloud-aio-nextcloud-trusted-cacerts
mountPath: /nextcloud-aio-nextcloud-trusted-cacerts
- name: nextcloud-aio-nextcloud
mountPath: /nextcloud-aio-nextcloud
# AIO settings end # Do not remove or change this line!
containers:
- env:
- name: SMTP_HOST
value: "{{ .Values.SMTP_HOST }}"
- name: SMTP_SECURE
value: "{{ .Values.SMTP_SECURE }}"
- name: SMTP_PORT
value: "{{ .Values.SMTP_PORT }}"
- name: SMTP_AUTHTYPE
value: "{{ .Values.SMTP_AUTHTYPE }}"
- name: SMTP_NAME
value: "{{ .Values.SMTP_NAME }}"
- name: SMTP_PASSWORD
value: "{{ .Values.SMTP_PASSWORD }}"
- name: MAIL_FROM_ADDRESS
value: "{{ .Values.MAIL_FROM_ADDRESS }}"
- name: MAIL_DOMAIN
value: "{{ .Values.MAIL_DOMAIN }}"
- name: SUBSCRIPTION_KEY
value: "{{ .Values.SUBSCRIPTION_KEY }}"
- name: APPS_ALLOWLIST
value: "{{ .Values.APPS_ALLOWLIST }}"
- name: ADDITIONAL_TRUSTED_PROXY
value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
- name: ADDITIONAL_TRUSTED_DOMAIN
value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
- name: SERVERINFO_TOKEN
value: "{{ .Values.SERVERINFO_TOKEN }}"
- name: NEXTCLOUD_DEFAULT_QUOTA
value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}"
- name: NEXTCLOUD_SKELETON_DIRECTORY
value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY }}"
- name: NEXTCLOUD_MAINTENANCE_WINDOW
value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}"
- name: ADDITIONAL_APKS
value: "{{ .Values.NEXTCLOUD_ADDITIONAL_APKS }}"
- name: ADDITIONAL_PHP_EXTENSIONS
value: "{{ .Values.NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS }}"
- name: ADMIN_PASSWORD
value: "{{ .Values.NEXTCLOUD_PASSWORD }}"
- name: ADMIN_USER
value: admin
- name: APACHE_HOST
value: nextcloud-aio-apache
- name: APACHE_PORT
value: "{{ .Values.APACHE_PORT }}"
- name: CLAMAV_ENABLED
value: "{{ .Values.CLAMAV_ENABLED }}"
- name: CLAMAV_HOST
value: nextcloud-aio-clamav
- name: CLAMAV_MAX_SIZE
value: "{{ .Values.APACHE_MAX_SIZE }}"
- name: COLLABORA_ENABLED
value: "{{ .Values.COLLABORA_ENABLED }}"
- name: COLLABORA_HOST
value: nextcloud-aio-collabora
- name: FULLTEXTSEARCH_ENABLED
value: "{{ .Values.FULLTEXTSEARCH_ENABLED }}"
- name: FULLTEXTSEARCH_HOST
value: nextcloud-aio-fulltextsearch
- name: FULLTEXTSEARCH_INDEX
value: nextcloud-aio
- name: FULLTEXTSEARCH_PASSWORD
value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}"
- name: FULLTEXTSEARCH_PORT
value: "9200"
- name: FULLTEXTSEARCH_USER
value: elastic
- name: IMAGINARY_ENABLED
value: "{{ .Values.IMAGINARY_ENABLED }}"
- name: IMAGINARY_HOST
value: nextcloud-aio-imaginary
- name: IMAGINARY_SECRET
value: "{{ .Values.IMAGINARY_SECRET }}"
- name: INSTALL_LATEST_MAJOR
value: "{{ .Values.INSTALL_LATEST_MAJOR }}"
- name: NC_DOMAIN
value: "{{ .Values.NC_DOMAIN }}"
- name: NEXTCLOUD_DATA_DIR
value: /mnt/ncdata
- name: NEXTCLOUD_HOST
value: nextcloud-aio-nextcloud
- name: ONLYOFFICE_ENABLED
value: "{{ .Values.ONLYOFFICE_ENABLED }}"
- name: ONLYOFFICE_HOST
value: nextcloud-aio-onlyoffice
- name: ONLYOFFICE_SECRET
value: "{{ .Values.ONLYOFFICE_SECRET }}"
- name: OVERWRITEPROTOCOL
value: https
- name: PHP_MAX_TIME
value: "{{ .Values.NEXTCLOUD_MAX_TIME }}"
- name: PHP_MEMORY_LIMIT
value: "{{ .Values.NEXTCLOUD_MEMORY_LIMIT }}"
- name: PHP_UPLOAD_LIMIT
value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
- name: POSTGRES_DB
value: nextcloud_database
- name: POSTGRES_HOST
value: nextcloud-aio-database
- name: POSTGRES_PASSWORD
value: "{{ .Values.DATABASE_PASSWORD }}"
- name: POSTGRES_PORT
value: "5432"
- name: POSTGRES_USER
value: nextcloud
- name: RECORDING_SECRET
value: "{{ .Values.RECORDING_SECRET }}"
- name: REDIS_HOST
value: nextcloud-aio-redis
- name: REDIS_HOST_PASSWORD
value: "{{ .Values.REDIS_PASSWORD }}"
- name: REMOVE_DISABLED_APPS
value: "{{ .Values.REMOVE_DISABLED_APPS }}"
- name: SIGNALING_SECRET
value: "{{ .Values.SIGNALING_SECRET }}"
- name: STARTUP_APPS
value: "{{ .Values.NEXTCLOUD_STARTUP_APPS }}"
- name: TALK_ENABLED
value: "{{ .Values.TALK_ENABLED }}"
- name: TALK_PORT
value: "{{ .Values.TALK_PORT }}"
- name: TALK_RECORDING_ENABLED
value: "{{ .Values.TALK_RECORDING_ENABLED }}"
- name: TALK_RECORDING_HOST
value: nextcloud-aio-talk-recording
- name: TRUSTED_CACERTS_DIR
value: "{{ .Values.NEXTCLOUD_TRUSTED_CACERTS_DIR }}"
- name: TURN_SECRET
value: "{{ .Values.TURN_SECRET }}"
- name: TZ
value: "{{ .Values.TIMEZONE }}"
- name: UPDATE_NEXTCLOUD_APPS
value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
- name: WHITEBOARD_ENABLED
value: "{{ .Values.WHITEBOARD_ENABLED }}"
- name: WHITEBOARD_SECRET
value: "{{ .Values.WHITEBOARD_SECRET }}"
image: ghcr.io/nextcloud-releases/aio-nextcloud:20250927_081431
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
securityContext:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]
{{- end }}
{{- end }} # AIO-config - do not change this comment!
readinessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
livenessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
name: nextcloud-aio-nextcloud
ports:
- containerPort: 9000
protocol: TCP
- containerPort: 9001
protocol: TCP
volumeMounts:
- mountPath: /var/www/html
name: nextcloud-aio-nextcloud
- mountPath: /mnt/ncdata
name: nextcloud-aio-nextcloud-data
- mountPath: /usr/local/share/ca-certificates
name: nextcloud-aio-nextcloud-trusted-cacerts
readOnly: true
terminationGracePeriodSeconds: 600
volumes:
- name: nextcloud-aio-nextcloud
persistentVolumeClaim:
claimName: nextcloud-aio-nextcloud
- name: nextcloud-aio-nextcloud-data
persistentVolumeClaim:
claimName: nextcloud-aio-nextcloud-data
- name: nextcloud-aio-nextcloud-trusted-cacerts
persistentVolumeClaim:
claimName: nextcloud-aio-nextcloud-trusted-cacerts
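Review bot: Both `securityContext` blocks are wrapped in an outer `{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}`, so with RPSS off the main Nextcloud pod gets no `runAsNonRoot`, no `allowPrivilegeEscalation: false` and no capability drop at all, and the inner `{{- else }}` branch with `drop: ["NET_RAW"]` can never render. The other hardened Deployments in this commit apply those settings unconditionally and gate only `seccompProfile` and `drop: ["ALL"]`. If the image has to start as root when RPSS is off, I would still move the container-level block outside the outer `if`, provided the image tolerates it, so that `allowPrivilegeEscalation: false` and `drop: ["NET_RAW"]` apply. The `AIO-config` comments suggest a generator owns these lines, so the change may belong there.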


@@ -0,0 +1,16 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: nextcloud-aio-nextcloud
name: nextcloud-aio-nextcloud
namespace: "{{ .Values.NAMESPACE }}"
spec:
{{- if .Values.STORAGE_CLASS }}
storageClassName: {{ .Values.STORAGE_CLASS }}
{{- end }}
accessModes:
- ReadWriteMany
resources:
requests:
storage: {{ .Values.NEXTCLOUD_STORAGE_SIZE }}


@@ -0,0 +1,20 @@
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-nextcloud
name: nextcloud-aio-nextcloud
namespace: "{{ .Values.NAMESPACE }}"
spec:
ipFamilyPolicy: PreferDualStack
ports:
- name: "9000"
port: 9000
targetPort: 9000
- name: "9001"
port: 9001
targetPort: 9001
selector:
io.kompose.service: nextcloud-aio-nextcloud


@@ -0,0 +1,16 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: nextcloud-aio-nextcloud-trusted-cacerts
name: nextcloud-aio-nextcloud-trusted-cacerts
namespace: "{{ .Values.NAMESPACE }}"
spec:
{{- if .Values.STORAGE_CLASS }}
storageClassName: {{ .Values.STORAGE_CLASS }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE }}


@@ -0,0 +1,93 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-notify-push
name: nextcloud-aio-notify-push
namespace: "{{ .Values.NAMESPACE }}"
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nextcloud-aio-notify-push
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-notify-push
spec:
securityContext:
# The items below only work in pod context
fsGroup: 33
fsGroupChangePolicy: "OnRootMismatch"
# The items below work in both contexts
runAsUser: 33
runAsGroup: 33
runAsNonRoot: true
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
containers:
- env:
- name: NC_DOMAIN
value: "{{ .Values.NC_DOMAIN }}"
- name: NEXTCLOUD_HOST
value: nextcloud-aio-nextcloud
- name: POSTGRES_DB
value: nextcloud_database
- name: POSTGRES_HOST
value: nextcloud-aio-database
- name: POSTGRES_PASSWORD
value: "{{ .Values.DATABASE_PASSWORD }}"
- name: POSTGRES_PORT
value: "5432"
- name: POSTGRES_USER
value: nextcloud
- name: REDIS_HOST
value: nextcloud-aio-redis
- name: REDIS_HOST_PASSWORD
value: "{{ .Values.REDIS_PASSWORD }}"
- name: TZ
value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-notify-push:20250927_081431
readinessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
livenessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
name: nextcloud-aio-notify-push
ports:
- containerPort: 7867
protocol: TCP
securityContext:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]
{{- end }}
volumeMounts:
- mountPath: /nextcloud
name: nextcloud-aio-nextcloud
readOnly: true
volumes:
- name: nextcloud-aio-nextcloud
persistentVolumeClaim:
claimName: nextcloud-aio-nextcloud


@@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-notify-push
name: nextcloud-aio-notify-push
namespace: "{{ .Values.NAMESPACE }}"
spec:
ipFamilyPolicy: PreferDualStack
ports:
- name: "7867"
port: 7867
targetPort: 7867
selector:
io.kompose.service: nextcloud-aio-notify-push


@@ -0,0 +1,73 @@
{{- if eq .Values.ONLYOFFICE_ENABLED "yes" }}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-onlyoffice
name: nextcloud-aio-onlyoffice
namespace: "{{ .Values.NAMESPACE }}"
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nextcloud-aio-onlyoffice
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-onlyoffice
spec:
initContainers:
- name: init-volumes
image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431
command:
- chmod
- "777"
- /nextcloud-aio-onlyoffice
volumeMounts:
- name: nextcloud-aio-onlyoffice
mountPath: /nextcloud-aio-onlyoffice
containers:
- env:
- name: JWT_ENABLED
value: "true"
- name: JWT_HEADER
value: AuthorizationJwt
- name: JWT_SECRET
value: "{{ .Values.ONLYOFFICE_SECRET }}"
- name: TZ
value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250927_081431
readinessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 9
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 30
livenessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 9
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 30
name: nextcloud-aio-onlyoffice
ports:
- containerPort: 80
protocol: TCP
volumeMounts:
- mountPath: /var/lib/onlyoffice
name: nextcloud-aio-onlyoffice
volumes:
- name: nextcloud-aio-onlyoffice
persistentVolumeClaim:
claimName: nextcloud-aio-onlyoffice
{{- end }}


@@ -0,0 +1,18 @@
{{- if eq .Values.ONLYOFFICE_ENABLED "yes" }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: nextcloud-aio-onlyoffice
name: nextcloud-aio-onlyoffice
namespace: "{{ .Values.NAMESPACE }}"
spec:
{{- if .Values.STORAGE_CLASS }}
storageClassName: {{ .Values.STORAGE_CLASS }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.ONLYOFFICE_STORAGE_SIZE }}
{{- end }}


@@ -0,0 +1,19 @@
{{- if eq .Values.ONLYOFFICE_ENABLED "yes" }}
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-onlyoffice
name: nextcloud-aio-onlyoffice
namespace: "{{ .Values.NAMESPACE }}"
spec:
ipFamilyPolicy: PreferDualStack
ports:
- name: "80"
port: 80
targetPort: 80
selector:
io.kompose.service: nextcloud-aio-onlyoffice
{{- end }}


@@ -0,0 +1,76 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-redis
name: nextcloud-aio-redis
namespace: "{{ .Values.NAMESPACE }}"
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nextcloud-aio-redis
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-redis
spec:
securityContext:
# The items below only work in pod context
fsGroup: 999
fsGroupChangePolicy: "OnRootMismatch"
# The items below work in both contexts
runAsUser: 999
runAsGroup: 999
runAsNonRoot: true
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
containers:
- env:
- name: REDIS_HOST_PASSWORD
value: "{{ .Values.REDIS_PASSWORD }}"
- name: TZ
value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-redis:20250927_081431
readinessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
livenessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
name: nextcloud-aio-redis
ports:
- containerPort: 6379
protocol: TCP
securityContext:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]
{{- end }}
volumeMounts:
- mountPath: /data
name: nextcloud-aio-redis
volumes:
- name: nextcloud-aio-redis
persistentVolumeClaim:
claimName: nextcloud-aio-redis
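Review bot: `REDIS_HOST_PASSWORD` is written into the pod spec as a literal `value:`, so the Redis password is readable by anyone allowed to read Deployments or pods in the namespace, not only by those allowed to read Secrets. Keeping it in a Secret and referencing it from the container, `valueFrom: {secretKeyRef: {name: <secret-name>, key: <key>}}` (placeholder names), takes it out of the rendered manifest and lets RBAC on Secrets govern access. The same applies to `JWT_SECRET` in the ONLYOFFICE section above and to `INTERNAL_SECRET`, `SIGNALING_SECRET`, `TURN_SECRET`, `RECORDING_SECRET` and `JWT_SECRET_KEY` in the Talk, talk-recording and whiteboard Deployment sections below.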


@@ -0,0 +1,16 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: nextcloud-aio-redis
name: nextcloud-aio-redis
namespace: "{{ .Values.NAMESPACE }}"
spec:
{{- if .Values.STORAGE_CLASS }}
storageClassName: {{ .Values.STORAGE_CLASS }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.REDIS_STORAGE_SIZE }}


@@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-redis
name: nextcloud-aio-redis
namespace: "{{ .Values.NAMESPACE }}"
spec:
ipFamilyPolicy: PreferDualStack
ports:
- name: "6379"
port: 6379
targetPort: 6379
selector:
io.kompose.service: nextcloud-aio-redis


@@ -0,0 +1,87 @@
{{- if eq .Values.TALK_ENABLED "yes" }}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-talk
name: nextcloud-aio-talk
namespace: "{{ .Values.NAMESPACE }}"
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nextcloud-aio-talk
template:
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-talk
spec:
securityContext:
# The items below only work in pod context
fsGroup: 1000
fsGroupChangePolicy: "OnRootMismatch"
# The items below work in both contexts
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
containers:
- env:
- name: TALK_MAX_STREAM_BITRATE
value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}"
- name: TALK_MAX_SCREEN_BITRATE
value: "{{ .Values.TALK_MAX_SCREEN_BITRATE }}"
- name: INTERNAL_SECRET
value: "{{ .Values.TALK_INTERNAL_SECRET }}"
- name: NC_DOMAIN
value: "{{ .Values.NC_DOMAIN }}"
- name: SIGNALING_SECRET
value: "{{ .Values.SIGNALING_SECRET }}"
- name: TALK_HOST
value: nextcloud-aio-talk
- name: TALK_PORT
value: "{{ .Values.TALK_PORT }}"
- name: TURN_SECRET
value: "{{ .Values.TURN_SECRET }}"
- name: TZ
value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-talk:20250927_081431
readinessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
livenessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
name: nextcloud-aio-talk
ports:
- containerPort: {{ .Values.TALK_PORT }}
protocol: TCP
- containerPort: {{ .Values.TALK_PORT }}
protocol: UDP
- containerPort: 8081
protocol: TCP
securityContext:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]
{{- end }}
{{- end }}
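Review bot: The image is referenced by tag only (`aio-talk:20250927_081431`), and a tag can be re-pointed in the registry, so the cluster has no guarantee that what it pulls is the content that was reviewed. Pinning the digest next to the tag makes the pull verifiable: `image: ghcr.io/nextcloud-releases/aio-talk:20250927_081431@sha256:<digest>` (placeholder digest). The other Deployment sections on this page reference their images by tag in the same way.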


@@ -0,0 +1,82 @@
{{- if eq .Values.TALK_RECORDING_ENABLED "yes" }}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-talk-recording
name: nextcloud-aio-talk-recording
namespace: "{{ .Values.NAMESPACE }}"
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nextcloud-aio-talk-recording
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-talk-recording
spec:
securityContext:
# The items below only work in pod context
fsGroup: 122
fsGroupChangePolicy: "OnRootMismatch"
# The items below work in both contexts
runAsUser: 122
runAsGroup: 122
runAsNonRoot: true
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
containers:
- env:
- name: INTERNAL_SECRET
value: "{{ .Values.TALK_INTERNAL_SECRET }}"
- name: NC_DOMAIN
value: "{{ .Values.NC_DOMAIN }}"
- name: RECORDING_SECRET
value: "{{ .Values.RECORDING_SECRET }}"
- name: TZ
value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-talk-recording:20250927_081431
readinessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
livenessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
name: nextcloud-aio-talk-recording
ports:
- containerPort: 1234
protocol: TCP
securityContext:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]
{{- end }}
volumeMounts:
- mountPath: /tmp
name: nextcloud-aio-talk-recording
volumes:
- name: nextcloud-aio-talk-recording
persistentVolumeClaim:
claimName: nextcloud-aio-talk-recording
{{- end }}
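Review bot: `seccompProfile: RuntimeDefault` and `drop: ["ALL"]` are applied only when `RPSS_ENABLED` is "yes", and the template defaults that value to "no", so an install with default values gets no seccomp profile from this spec and drops only `NET_RAW`. The container already runs as non-root UID 122 with `allowPrivilegeEscalation: false`, so it is unlikely to depend on the remaining default capabilities. Consider making `drop: ["ALL"]` and the seccomp profile unconditional, or at least add a comment above the `{{- else }}` branch stating why the weaker fallback exists. The Redis, Talk and whiteboard Deployment sections carry the same conditional.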


@@ -0,0 +1,18 @@
{{- if eq .Values.TALK_RECORDING_ENABLED "yes" }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: nextcloud-aio-talk-recording
name: nextcloud-aio-talk-recording
namespace: "{{ .Values.NAMESPACE }}"
spec:
{{- if .Values.STORAGE_CLASS }}
storageClassName: {{ .Values.STORAGE_CLASS }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.TALK_RECORDING_STORAGE_SIZE }}
{{- end }}


@@ -0,0 +1,19 @@
{{- if eq .Values.TALK_RECORDING_ENABLED "yes" }}
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-talk-recording
name: nextcloud-aio-talk-recording
namespace: "{{ .Values.NAMESPACE }}"
spec:
ipFamilyPolicy: PreferDualStack
ports:
- name: "1234"
port: 1234
targetPort: 1234
selector:
io.kompose.service: nextcloud-aio-talk-recording
{{- end }}


@@ -0,0 +1,44 @@
{{- if eq .Values.TALK_ENABLED "yes" }}
---
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-talk
name: nextcloud-aio-talk-public
namespace: "{{ .Values.NAMESPACE }}"
spec:
ipFamilyPolicy: PreferDualStack
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: "{{ .Values.TALK_PORT }}"
port: {{ .Values.TALK_PORT }}
targetPort: {{ .Values.TALK_PORT }}
- name: {{ .Values.TALK_PORT }}-udp
port: {{ .Values.TALK_PORT }}
protocol: UDP
targetPort: {{ .Values.TALK_PORT }}
selector:
io.kompose.service: nextcloud-aio-talk
---
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-talk
name: nextcloud-aio-talk
namespace: "{{ .Values.NAMESPACE }}"
spec:
ipFamilyPolicy: PreferDualStack
ports:
- name: "8081"
port: 8081
targetPort: 8081
selector:
io.kompose.service: nextcloud-aio-talk
{{- end }}
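Review bot: `nextcloud-aio-talk-public` publishes `TALK_PORT` over both TCP and UDP on a single `type: LoadBalancer` Service with no `loadBalancerSourceRanges`, and nothing in the section documents either choice. Whether one LoadBalancer Service can carry mixed protocols depends on the Kubernetes version and the load-balancer implementation, so an operator may see the Service fail to provision without an obvious cause. A comment above `type: LoadBalancer` would record both points, for example `# Reachable from any source by design; requires a load balancer that supports TCP and UDP on one Service`.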


@@ -0,0 +1,79 @@
{{- if eq .Values.WHITEBOARD_ENABLED "yes" }}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-whiteboard
name: nextcloud-aio-whiteboard
namespace: "{{ .Values.NAMESPACE }}"
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: nextcloud-aio-whiteboard
template:
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-whiteboard
spec:
securityContext:
# The items below only work in pod context
fsGroup: 65534
fsGroupChangePolicy: "OnRootMismatch"
# The items below work in both contexts
runAsUser: 65534
runAsGroup: 65534
runAsNonRoot: true
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
containers:
- env:
- name: BACKUP_DIR
value: /tmp
- name: JWT_SECRET_KEY
value: "{{ .Values.WHITEBOARD_SECRET }}"
- name: NEXTCLOUD_URL
value: https://{{ .Values.NC_DOMAIN }}
- name: REDIS_HOST
value: nextcloud-aio-redis
- name: REDIS_HOST_PASSWORD
value: "{{ .Values.REDIS_PASSWORD }}"
- name: STORAGE_STRATEGY
value: redis
- name: TZ
value: "{{ .Values.TIMEZONE }}"
image: ghcr.io/nextcloud-releases/aio-whiteboard:20250927_081431
readinessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
livenessProbe:
exec:
command:
- /healthcheck.sh
failureThreshold: 3
periodSeconds: 30
timeoutSeconds: 30
name: nextcloud-aio-whiteboard
ports:
- containerPort: 3002
protocol: TCP
securityContext:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]
{{- end }}
{{- end }}


@@ -0,0 +1,19 @@
{{- if eq .Values.WHITEBOARD_ENABLED "yes" }}
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.version: 1.37.0 (fb0539e64)
labels:
io.kompose.service: nextcloud-aio-whiteboard
name: nextcloud-aio-whiteboard
namespace: "{{ .Values.NAMESPACE }}"
spec:
ipFamilyPolicy: PreferDualStack
ports:
- name: "3002"
port: 3002
targetPort: 3002
selector:
io.kompose.service: nextcloud-aio-whiteboard
{{- end }}